Binance, one of the world’s largest cryptocurrency exchanges, has revealed that it is being blackmailed to the tune of 300 Bitcoin (approximately US $3.5 million) by someone who is threatening to release some 10,000 sensitive photographs of its customers.
And in an attempt to identify its blackmailer, Binance has put a 25 Bitcoin (approximately US $290,000) bounty on their head.
The content allegedly stolen from Binance purports to be know-your-customer (KYC) data uploaded by the cryptocurrency exchange’s customers when they first registered their accounts. That information includes photographs as well as passport details and IDs.
Banks and financial institutions are required to request identifying KYC data from investors in order to stem illegal activities such as fraud, money laundering and the financing of terrorist organizations.
Although not directly denying that the sensitive data is of its customers, Binance does point out how there are “inconsistencies” that suggest it may not have been stolen from the firm. Part of Binance’s reasoning is that it says it adds a watermark to images uploaded when it requests KYC data, thereby making it easier–if a data leak does ever occur–to identify where it might have originated:
At the present time, no evidence has been supplied that indicates any KYC images have been obtained from Binance, as these images do not contain the digital watermark imprinted by our system. With that said, our security team is hard at work pursuing all possible leads in an attempt to identify the source of these images.
The cryptocurrency exchange does, however, note that the images made public “all appear to be dated from February 2018, at which time Binance had contracted a third-party vendor for KYC verification in order to handle the high volume of requests at that time.”
The implication is clear: if these (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Graham Cluley. Read the original post at: https://www.tripwire.com/state-of-security/featured/cryptocurrency-exchange-binance-offers-290000-bounty-to-unmask-blackmailer/